# Implementation Plan: VPS Image Migration

**Branch**: `003-vps-image-migration` | **Date**: February 3, 2026 | **Spec**: /home/jawz/Development/NixOS/specs/003-vps-image-migration/spec.md

**Input**: Feature specification from `/specs/003-vps-image-migration/spec.md`

## Summary

Migrate image building away from the deprecated generator to the upstream NixOS image workflow, add a new `vps` host that produces a Linode-compatible image, and implement a secure two-phase secrets bootstrap that requires re-encryption after the host generates its own key. Provide a repeatable remote rebuild workflow limited to explicitly authorized operator machines.

## Technical Context

**Language/Version**: Nix (flakes; nixpkgs 25.11)
**Primary Dependencies**: nixpkgs, flake-parts, sops-nix
**Storage**: N/A (configuration repo)
**Testing**: Manual validation (image build, boot, network, secret availability, rebuild)
**Target Platform**: NixOS image for Linode VPS
**Project Type**: Infrastructure configuration (single repo)
**Performance Goals**: N/A
**Constraints**: No regressions for existing hosts; secrets must remain secure; first boot must be reachable for enrollment; rebuilds restricted to authorized operator machines
**Scale/Scope**: Small number of hosts, single `vps` target

## Constitution Check

No enforceable principles are defined in the current constitution file (placeholders only). Gate passes by default.

Post-design re-check: no changes; still passes.

## Project Structure

### Documentation (this feature)

```text
specs/003-vps-image-migration/
├── plan.md
├── research.md
├── data-model.md
├── quickstart.md
├── contracts/
└── tasks.md
```

### Source Code (repository root)

```text
flake.nix
parts/
hosts/
modules/
secrets/
scripts/
config/
environments/
```

**Structure Decision**: Use the existing Nix flake layout with host definitions in `hosts/`, shared logic in `modules/`, and flake assembly in `parts/`.

## Complexity Tracking

No constitution violations to track.
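The two-phase secrets bootstrap named in the Summary can be expressed as a sops-nix host module. The following is an added illustration, not the repository's own `hosts/` module; the secret name, the `secrets/vps.yaml` path and the key location are assumptions, and the `sops.age.*` options used are the real sops-nix options.

```nix
# Added example: two-phase sops-nix bootstrap for the vps host.
# Not the repository's own configuration; secret names and paths are assumed.
{ config, lib, ... }:
{
  # Phase 1 (first boot of the freshly built image): the host has no age key
  # yet, so sops-nix generates one locally on activation. The image itself
  # never carries a private key, so a leaked image discloses no secrets.
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
  sops.age.generateKey = true;

  # Disable the default of deriving the age key from the SSH host key so the
  # host's key is generated independently, as the plan describes (assumption
  # about how the plan is realized; sops-nix also supports the SSH-derived form).
  sops.age.sshKeyPaths = [ ];

  # Phase 2 (after the operator has added the host's public key as a recipient
  # and re-encrypted the file): these secrets become decryptable on the host.
  sops.defaultSopsFile = ../../secrets/vps.yaml; # assumed path
  sops.secrets."vps/enrollment-token" = {
    # Assumed secret; restrict it to root only.
    owner = "root";
    mode = "0400";
  };
}
```

After the first boot the operator reads the host's public key with `age-keygen -y /var/lib/sops-nix/key.txt`, adds it as a recipient in `.sops.yaml`, and runs `sops updatekeys secrets/vps.yaml` before the next rebuild. Until that re-encryption has happened the host cannot decrypt the file and sops-nix reports the failure at activation, so nothing required to reach the host for enrollment (network, SSH, the operator's authorized keys) should depend on a secret from this file.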